The PCI DSS is a proprietary information security standard that was developed and mandated by major global credit card brands, including Visa, MasterCard, American Express, Discover, and JCB. All merchants that accept or process these companies’ cards must comply with PCI DSS, and compliance must be validated annually by an external Qualified Security Assessor (QSA) such as Lazarus Alliance. Lazarus Alliance will perform an audit and appropriate testing of PledgeUp.com’s data security controls related to the storage, processing, and transmission of payment card information.

“PledgeUp.com’s customers use their platform to process payments for dues and donations, as well as store membership rosters, pledge cards, authorization signatures, and other highly sensitive information on members and donors,” said Michael Peters, CEO of Lazarus Alliance. “PledgeUp.com is very serious about ensuring best practice processes and controls to proactively address information security and compliance risks. Our QSA audit will validate their processes and controls, and the penetration tests and vulnerability scans we will be conducting will ensure that PledgeUp.com maintains proactive cyber security and PCI compliance going forward.”

In addition to annual certifications, the PCI DSS mandates that organizations regularly monitor and test their networks, as well as maintain a vulnerability management program and a comprehensive information security policy. Lazarus Alliance is using Continuum GRC’s IT Audit Machine (ITAM), a RegTech software solution that automates governance, risk, and compliance processes, to tie all compliance and security data together.

“The ITAM comes pre-loaded with PCI DSS and security policy modules, which greatly simplify compliance and policy development. It also creates a centralized repository for all security, governance, and compliance information across all of the client’s systems, which is crucial in today’s complex data environments,” explained Peters. “It allows both us and the client to see exactly where they are vulnerable, so that we can shore up those vulnerabilities before a hacker finds them.”